diff options
-rw-r--r-- | meta/recipes-multimedia/ffmpeg/ffmpeg/0002-configure-allow-libpostproc-without-gpl-flag.patch | 34 | ||||
-rw-r--r-- | meta/recipes-multimedia/ffmpeg/ffmpeg_3.0.bb | 3 | ||||
-rw-r--r-- | meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch | 6 | ||||
-rw-r--r-- | meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-remove-c-rehash.patch | 46 | ||||
-rw-r--r-- | meta/recipes-support/ca-certificates/ca-certificates/0003-update-ca-certificates-use-relative-symlinks-from-ET.patch | 71 | ||||
-rw-r--r-- | meta/recipes-support/ca-certificates/ca-certificates_20190110.bb (renamed from meta/recipes-support/ca-certificates/ca-certificates_20160104.bb) | 31 |
6 files changed, 131 insertions, 60 deletions
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg/0002-configure-allow-libpostproc-without-gpl-flag.patch b/meta/recipes-multimedia/ffmpeg/ffmpeg/0002-configure-allow-libpostproc-without-gpl-flag.patch new file mode 100644 index 0000000000..dc11f34d71 --- /dev/null +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg/0002-configure-allow-libpostproc-without-gpl-flag.patch @@ -0,0 +1,34 @@ +Upstream-Status: inappropriate [distro-specific] + +Signed-off-by: Andreas Oberritter <obi@opendreambox.org> + +From 9c28ed17d1184ee95819e4c576373c20fe2c3600 Mon Sep 17 00:00:00 2001 +From: Andreas Oberritter <obi@opendreambox.org> +Date: Sat, 11 Feb 2017 22:57:42 +0100 +Subject: [PATCH] configure: allow libpostproc without gpl flag + +There may be GPL'ed programs in a distribution which want libpostproc, +while other GPL-incompatible programs use some of the other libraries +provided by ffmpeg. + +Since we know the license of libpostproc, we mark the resulting binary +package accordingly instead of refusing to build it. + +Signed-off-by: Andreas Oberritter <obi@opendreambox.org> +--- + configure | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/configure b/configure +index d60ffd8..cd53e6c 100755 +--- a/configure ++++ b/configure +@@ -3135,7 +3135,7 @@ avdevice_deps="avformat avcodec avutil" + avfilter_deps="avutil" + avformat_deps="avcodec avutil" + avresample_deps="avutil" +-postproc_deps="avutil gpl" ++postproc_deps="avutil" + swresample_deps="avutil" + swscale_deps="avutil" + diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_3.0.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_3.0.bb index 3b682c90ea..ae461b19d9 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_3.0.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_3.0.bb @@ -24,7 +24,8 @@ LIC_FILES_CHKSUM = "file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ file://COPYING.LGPLv3;md5=e6a600fd5e1d9cbde2d983680233ad02" SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \ - file://0001-configure-build-fix-for-P5600-with-mips-code-restruc.patch" + file://0001-configure-build-fix-for-P5600-with-mips-code-restruc.patch \ + file://0002-configure-allow-libpostproc-without-gpl-flag.patch" SRC_URI[md5sum] = "ef9b6634bb7c920efc940b4d55adf7b2" SRC_URI[sha256sum] = "12f32cee41c74435f608c30793fd616bdf53467bb513278e273e135a4c58e470" diff --git a/meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch b/meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch index 4b4b287d4e..4a8ae5f4b5 100644 --- a/meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch +++ b/meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch @@ -6,9 +6,13 @@ This solves errors such as | Running hooks in [...]/rootfs/etc/ca-certificates/update.d... | [...]/usr/sbin/update-ca-certificates: line 194: Not: command not found +| [...]/usr/sbin/update-ca-certificates: line 230: Not a directory: --: command not found +| E: Not a directory: -- exited with code 127. + Upstream-Status: Inappropriate Signed-off-by: Ross Burton <ross.burton@intel.com> +Signed-off-by: Maciej Borzecki <maciej.borzecki@rndity.com> --- sbin/update-ca-certificates | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) @@ -24,7 +28,7 @@ Index: git/sbin/update-ca-certificates - VERBOSE_ARG= - [ "$verbose" = 0 ] || VERBOSE_ARG="--verbose" - eval run-parts "$VERBOSE_ARG" --test -- "$HOOKSDIR" | while read hook -+ eval run-parts --test -- "$HOOKSDIR" | while read hook ++ eval run-parts --test "$HOOKSDIR" | while read hook do ( cat "$ADDED" cat "$REMOVED" ) | "$hook" || echo "E: $hook exited with code $?." diff --git a/meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-remove-c-rehash.patch b/meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-remove-c-rehash.patch deleted file mode 100644 index bf027233d1..0000000000 --- a/meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-remove-c-rehash.patch +++ /dev/null @@ -1,46 +0,0 @@ -Upstream-Status: Pending - -From 111e905fe931da1a3800accfc675cc01c8ee080c Mon Sep 17 00:00:00 2001 -From: Ulf Samuelsson <ulf@emagii.com> -Date: Tue, 28 Feb 2012 06:42:58 +0100 -Subject: [PATCH] update-ca-certificates: remove c rehash - -Updated earlier patch to apply clean on 2012-02-12 -Signed-off-by: Ulf Samuelsson <ulf@emagii.com> ---- - sbin/update-ca-certificates | 20 ++++++++++---------- - 1 files changed, 10 insertions(+), 10 deletions(-) - -diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates -index 5375950..c567e3d 100755 ---- a/sbin/update-ca-certificates -+++ b/sbin/update-ca-certificates -@@ -132,16 +132,16 @@ rm -f "$CERTBUNDLE" - ADDED_CNT=$(wc -l < "$ADDED") - REMOVED_CNT=$(wc -l < "$REMOVED") - --if [ "$ADDED_CNT" -gt 0 ] || [ "$REMOVED_CNT" -gt 0 ] --then -- # only run if set of files has changed -- if [ "$verbose" = 0 ] -- then -- c_rehash . > /dev/null -- else -- c_rehash . -- fi --fi -+#if [ "$ADDED_CNT" -gt 0 ] || [ "$REMOVED_CNT" -gt 0 ] -+#then -+# # only run if set of files has changed -+# if [ "$verbose" = 0 ] -+# then -+# c_rehash . > /dev/null -+# else -+# c_rehash . -+# fi -+#fi - - chmod 0644 "$TEMPBUNDLE" - mv -f "$TEMPBUNDLE" "$CERTBUNDLE" --- -1.7.4.1 diff --git a/meta/recipes-support/ca-certificates/ca-certificates/0003-update-ca-certificates-use-relative-symlinks-from-ET.patch b/meta/recipes-support/ca-certificates/ca-certificates/0003-update-ca-certificates-use-relative-symlinks-from-ET.patch new file mode 100644 index 0000000000..4bd967f788 --- /dev/null +++ b/meta/recipes-support/ca-certificates/ca-certificates/0003-update-ca-certificates-use-relative-symlinks-from-ET.patch @@ -0,0 +1,71 @@ +From a9fc13b2aee55655d58fcb77a3180fa99f96438a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Andr=C3=A9=20Draszik?= <andre.draszik@jci.com> +Date: Wed, 28 Mar 2018 16:45:05 +0100 +Subject: [PATCH] update-ca-certificates: use relative symlinks from + $ETCCERTSDIR +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +update-ca-certificates symlinks (trusted) certificates +from $CERTSDIR or $LOCALCERTSDIR into $ETCCERTSDIR. +update-ca-certificates can call hook scripts installed +into /etc/ca-certificates/update.d. Those scripts are +passed the pem file in /etc/ssl/certs/ that was added or +removed in this run and those pem files are absolute +symlinks into $CERTSDIR or $LOCALCERTSDIR at the moment. + +When running update-ca-certificates during image build +time, they thusly all point into the host's file system, +not into the $SYSROOT. This means: +* the host's file system layout must match the one + produced by OE, and +* it also means that the host must have installed the same + (or more) certificates as the target in $CERTSDIR and + $LOCALCERTSDIR + +This is a problem when wanting to execute hook scripts, +because they all need to be taught about $SYSROOT, and +behave differently depending on whether they're called +at image build time, or on the target, as otherwise they +will be trying to actually read the host's certificates +from $CERTSDIR or $LOCALCERTSDIR. + +This also is a problem when running anything else during +image build time that depends on the trusted CA +certificates. + +Changing the symlink to be relative solves all of these +problems. Do so. + +Upstream-Status: Inappropriate [OE-specific] +Signed-off-by: André Draszik <andre.draszik@jci.com> +--- + sbin/update-ca-certificates | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates +index 00f80c7..7e911a9 100755 +--- a/sbin/update-ca-certificates ++++ b/sbin/update-ca-certificates +@@ -29,6 +29,7 @@ CERTSDIR=$SYSROOT/usr/share/ca-certificates + LOCALCERTSDIR=$SYSROOT/usr/local/share/ca-certificates + CERTBUNDLE=ca-certificates.crt + ETCCERTSDIR=$SYSROOT/etc/ssl/certs ++FSROOT=../../../ # to get from $ETCCERTSDIR to the root of the file system + HOOKSDIR=$SYSROOT/etc/ca-certificates/update.d + + while [ $# -gt 0 ]; +@@ -125,9 +126,10 @@ add() { + PEM="$ETCCERTSDIR/$(basename "$CERT" .crt | sed -e 's/ /_/g' \ + -e 's/[()]/=/g' \ + -e 's/,/_/g').pem" +- if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "${CERT##$SYSROOT}" ] ++ DST="$(echo ${CERT} | sed -e "s|^$SYSROOT||" -e "s|^/|$FSROOT|" )" ++ if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "${DST}" ] + then +- ln -sf "${CERT##$SYSROOT}" "$PEM" ++ ln -sf "${DST}" "$PEM" + echo "+$PEM" >> "$ADDED" + fi + # Add trailing newline to certificate, if it is missing (#635570) diff --git a/meta/recipes-support/ca-certificates/ca-certificates_20160104.bb b/meta/recipes-support/ca-certificates/ca-certificates_20190110.bb index e0f1939137..4152fe12a9 100644 --- a/meta/recipes-support/ca-certificates/ca-certificates_20160104.bb +++ b/meta/recipes-support/ca-certificates/ca-certificates_20190110.bb @@ -5,21 +5,25 @@ This derived from Debian's CA Certificates." HOMEPAGE = "http://packages.debian.org/sid/ca-certificates" SECTION = "misc" LICENSE = "GPL-2.0+ & MPL-2.0" -LIC_FILES_CHKSUM = "file://debian/copyright;md5=e7358b9541ccf3029e9705ed8de57968" +LIC_FILES_CHKSUM = "file://debian/copyright;md5=aeb420429b1659507e0a5a1b123e8308" # This is needed to ensure we can run the postinst at image creation time -DEPENDS = "ca-certificates-native" -DEPENDS_class-native = "" +DEPENDS = "" +DEPENDS_class-native = "openssl-native" +DEPENDS_class-nativesdk = "openssl-native" +# Need c_rehash from openssl and run-parts from debianutils +PACKAGE_WRITE_DEPS += "openssl-native debianutils-native" -SRCREV = "f54715702c5c0581c9461f78fd84e2c8d2ec243c" +SRCREV = "c28799b138b044c963d24c4a69659b6e5486e3be" -SRC_URI = "git://anonscm.debian.org/collab-maint/ca-certificates.git \ - file://0001-update-ca-certificates-remove-c-rehash.patch \ +SRC_URI = "git://salsa.debian.org/debian/ca-certificates.git;protocol=https \ file://0002-update-ca-certificates-use-SYSROOT.patch \ file://0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch \ file://update-ca-certificates-support-Toybox.patch \ file://default-sysroot.patch \ - file://sbindir.patch" + file://sbindir.patch \ + file://0003-update-ca-certificates-use-relative-symlinks-from-ET.patch \ + " S = "${WORKDIR}/git" @@ -49,7 +53,7 @@ do_install () { echo "# Lines starting with ! will remove certificate on next update" echo "#" find ${D}${datadir}/ca-certificates -type f -name '*.crt' | \ - sed 's,^${D}${datadir}/ca-certificates/,,' + sed 's,^${D}${datadir}/ca-certificates/,,' | sort } >${D}${sysconfdir}/ca-certificates.conf } @@ -61,20 +65,23 @@ do_install_append_class-target () { ${D}${mandir}/man8/update-ca-certificates.8 } -pkg_postinst_${PN} () { - SYSROOT="$D" update-ca-certificates +pkg_postinst_${PN}_class-target () { + SYSROOT="$D" $D${sbindir}/update-ca-certificates } CONFFILES_${PN} += "${sysconfdir}/ca-certificates.conf" -# Postinsts don't seem to be run for nativesdk packages when populating SDKs. +# Rather than make a postinst script that works for both target and nativesdk, +# we just run update-ca-certificate from do_install() for nativesdk. CONFFILES_${PN}_append_class-nativesdk = " ${sysconfdir}/ssl/certs/ca-certificates.crt" do_install_append_class-nativesdk () { - SYSROOT="${D}${SDKPATHNATIVE}" update-ca-certificates + SYSROOT="${D}${SDKPATHNATIVE}" ${D}${sbindir}/update-ca-certificates } do_install_append_class-native () { SYSROOT="${D}${base_prefix}" ${D}${sbindir}/update-ca-certificates } +RDEPENDS_${PN} += "openssl" + BBCLASSEXTEND += "native nativesdk" |